Top 17 State & Local Cybersecurity Leaders to Watch

Jackson Muhirwe

Director of Cybersecurity Services
San Francisco

Whats your current position and how did you get there?

I serve as the Director of Cybersecurity services for the Department of Technology and Interim City Chief Information Security Officer (CISO) for the City and County of San Francisco. I have almost two decades working experience in IT spanning 4 continents. I got into my current position as a promotion from a previous role where I served the City as the Cybersecurity Program manager. Prior to joining the City of San Francisco, I served in academia as a professor teaching and conducting research on cybersecurity. I made contributions to Cybersecurity through training the next generation cybersecurity professionals, conducting research, participating in cybersecurity awareness events and participating in cyber defense competitions. Prior to my academic engagements, I spent over 5 years as a director of IT for a diplomatic inter-government organization. In this role, I was responsible for all IT operations including security.

Whats your biggest ongoing project?

My biggest project is an identity management system upgrade. Although this is not the most expensive project I am running, it happens to be the one with the biggest scope and biggest potential impact. This project has potential to impact over 40,000 information systems users

Whats the best cybersecurity decision you ever made?

I have two responses and they are all related to people. The first is personal, I think the best and most difficult decision I have made so far in regards to cybersecurity was accepting the position at the City of San Francisco. This decision was about moving from focusing on the state of the art to the state of the practice. The second part is in regards to a choice to invest in either technology first or people and my choice has been people first and then technology. When you choose people first, they help you choose the right tools. This is one of the great lessons I learned from my predecessor and my CISO mentor, Joe Voje. Following this principle has given an opportunity to lead an amazingly diverse team of cybersecurity professionals protecting the technology capital of the world.

Lynne Pizzini

Deputy CIO & CISO
State of Montana

Whats your current position and how did you get there?

I am the deputy CIO and CISO for the State of Montana.I have over 25 years of service in state government. I started out doing administrative support in the computer area and worked my way up over the years. I have a passion for security which was pretty evident in my earlier career. I developed the security program for Montana beginning as the one and only anti-virus and firewall support person for the state. As security progressed, so did my career. I was very excited to get my first employee reporting to me to help with the security program back in 1999. They thought it would be best if I had some help as we rolled over into the year 2000. Since then, I have made it my mission to educate people about security. I have a slogan that I use quite often Its All About Security that all of our staff can recite to you. Probably because I say it so much! Three years ago, I took on the responsibilities of deputy CIO because our state CIO really wants to focus on security across the organization. It has helped to incorporate many processes into our systems to ensure that we are doing our best to secure our environment with the resources that we have.

Whats your biggest ongoing project?

The largest ongoing security project for the State of Montana is continuous monitoring. We have incorporated many processes to review and monitor our systems to ensure compliance as well as security. Since our environment is constantly changing, our monitoring abilities and requirements are constantly changing. This is a project that will never end, but will adjust as we get new systems and better, automated capabilities to review our environment.

Whats the best cybersecurity decision you ever made?

The best cybersecurity decision I ever made was becoming involved with the Multi-State Information Sharing and Analysis Center (MS-ISAC). I remember getting a phone call from Will Pelgrin, the State of New York security officer at the time, in 2002 asking me if I was interested in joining a group of other state security officers to share information and ideas about security. Since I felt like I was on my own most of the time (there was not much education or knowledge about cybersecurity then), I said, Sure, why not? I thought it would be great to talk to other people that had a similar role. The organization began with a handful of states and it was very helpful to me. I still have relationships with some of the original people that were and are part of MS-ISAC. I know that I can discuss challenges, ideas, etc. with people that have similar experiences and knowledge with complete confidence that the discussion will be kept confidential.

Michael Roling

Chief Information Security Officer
State of MIssouri

Whats your current position and how did you get there?

I have been the chief information security officer for the Office of Administration, Information Technology Services Division, for the State of Missouri since 2009. I lead the Office of Cyber Security and am responsible for overseeing the IT security posture for the State of Missouri.

Prior to becoming CISO, I held several positions in state government and the private sector that led to where Im at today. I started my IT career as a mainframe and web developer working for Anheuser-Busch and then SBC (now AT&T). During my time with SBC, I was also the defect manager for one of the larger SBC enterprise customer products at the time. Looking back on my career, I would say being the defect manager is where my passion for security started. Lessons of risk mitigation, risk acceptance, and business impact were definitely learned during my time in that position. Since then, working in various roles in state government for the Missouri Attorney Generals Office and the Office of Administration have sharpened my skillset to where Im at today.

Whats your biggest ongoing project?

The biggest ongoing project would be our awareness program. Theres no end date or finish line as the activities around raising awareness are vast and continuous. From high-level discussions with cabinet members to the 38,000-plus cybersecurity lessons deployed every month, raising awareness to create a culture that fosters the adoption of cybersecurity best practices is one of our top priorities.

Whats the best cybersecurity decision you ever made?

The creation of our cybersecurity plan years ago would probably be the best decision that we have made. It focuses in on four key goals: raising awareness, using cutting edge technologies to detect and protect against malicious activity, responding to incidents swiftly and effectively, and maintaining IT governance throughout various process. We do not foresee these goals ever changing; however, we continuously update our various strategies and tactics to make them happen.

Randell Smith

Chief Information Security Officer
Phoenix

What’s your current position and how did you get there?

My current position is chief information security officer and chief privacy officer for the City of Phoenix. I have been in current role for almost 9years with the city. Ive been in the information security/cybersecurity field for over 30 years. I am also a retired captain (U.S. Navy) and naval cryptologist. My certifications include Certified Information Security Manager (CISM); Certified Information Systems Security Professional (CISSP); Project Management Professional (PMP); and Information Technology Infrastructure Library (ITIL V2, V3 Foundation and Service Operations).

I provide strategic oversight, direction, and coordination for citys information security and privacy programs based on internationally recognized information security governance best practices. My duties include drafting, vetting and implementing information security and privacy policies, standards, and standard operating procedures for 15,000 plus employees. I am also responsible and accountable for critical control system security program oversight to include recommendation and implementation of approved citywide critical control system policy based on industry best practices, federal and state regulations, legal requirements, and line-of-business needs.

I serve as the primary liaison between city departments, the Office of Emergency Management, and Arizona Counter Terrorism Information Center (ACTIC) relative to critical controls security.

Lastly, I spearhead the City’s Payment Card Industry Data Security Standards (PCI DSS) strategic assessment and remediation for 26 functional Departments processing $200 million plus transactions annually. In my role as chief privacy officer, I am responsible for coordination and oversight of citys information management plans. My duties include monitoring security and privacy trends; coordinating with the city attorney and deputy city manager; and collaborating with government and private sector critical infrastructure key resource (CIKR) partners on security and privacy related initiatives. I direct all actions to investigate or remediate a privacy breach.

What’s your biggest ongoing project?

From a security standpoint, our most important ongoing project is a network vulnerability management and remediation. As the fifth-largest city in the U.S., protecting confidential and personal identifying information and safeguarding the public trust for 1.6 million citizens and 15,000-plus employees is our No. 1 job. With the increasing number of cyberattacks daily targeting both large and small businesses, as well as local governments, keeping systems and networks current on patches and updates is a priority.

What’s the best cybersecurity decision you ever made?

Actively working with our city leadership to partner with our cybersecurity counterparts in our local cities, counties and the State of Arizona, and universities in addition to working closely with our Federal Partners (FBI, DHS, TSA, MS-ISAC, etc.). We also work hand-in-hand with local, trusted private organizations and companies, anonymously sharing real-time threat intelligence and attack information. These partnerships are invaluable in sharing lessons learned, forming trusted relationships and creating collaborative networks of highly talented security professionals who can collectively solve real-world problems in a space that is constantly evolving.

Elayne Starkey

Chief Security Officer
State of Delaware

Whats your current position and how did you get there?

My journey started in the private sector doing software engineering at Xerox Corporation in Rochester, New York and Perdue Farms Inc. in Salisbury, Maryland. Then I moved to the public sector as the CIO for the Delaware Department of Public Safety,then to CTO for the Department of Technology and Information (DTI). I now serve as DTIs CSO.

Whats your biggest ongoing project?

Proactive risk management, enterprise-wide situational awareness, and risk awareness through education.

Whats the best cybersecurity decision you ever made?

Assembling an AMAZING team who does an incredible job focusing on protecting the information assets of the State of Delaware. It is truly a race with no finish line!